Trojan:PowerShell/Downloader.SB
Aliases: No associated aliases
Summary
Trojan:PowerShell/Downloader.SB is a generic detection for PowerShell scripts generated by the PhonyC2 framework, which is used by Mango Sandstorm, a nation-state actor linked to the Iranian government.
Read the following blog for details:
As the malware is part of suspicious activity that might be attributed to a nation-state threat group, it is advised to remove any affected device from the network. Thoroughly investigate the network for any other signs of infection.
Tamper protection should be turned on in Microsoft Defender for Endpoint to help prevent antivirus tampering and misconfiguration by malicious apps and actors. Conditional Access policies also help in evaluating and enforcing security policies every time a user attempts to sign in.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.